IOC Radar
IPMediumSignal 50/100

185.177.72.29

Location
SpainSpain
Vélizy-Villacoublay, ENG
ASN
AS211590
FBW NETWORKS
First Seen
Jul 4, 2025
Last Seen
Jun 2, 2026
Jul 4
First Seen
345d ago
Jun 2
Last Seen
12d ago
21
Reports
source reports
50%
Confidence
medium
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
50%
Signal Score
50 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

29 techniques

Network Information

CountryESSpain
RegionVélizy-Villacoublay, ENG
ASNAS211590
OrganizationFBW NETWORKS

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

21 reports50% confidence
21
Source reports
50%
Confidence score
Category tags
abuseactive scanactive scanningafricaapacheapache attackeraptargentinaasiaattackaustraliaauto-blockedbad reputationbad web botbangladeshbelgiumblog spambotnetbotnet activitybrazilbrute forcebrute force attackbrute-forcec2c2 communicationcambodiacanadachinacivil servicescommand & controlcommand and controlcompromised hostcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackdecoy systemdenial of servicedistributed attacksencryptioneuropeeurope/asiaexploitexploitation activityexploited hostfinlandfrfrancegermanygovernment technologyhackinghong kongidentity & access exploitationindiaindicatorinformation technologyinjection activityinjection attacksirelandit infrastructurejamaicajapankenyakorea, republic ofkyrgyzstanlithuaniamalaysiamalicious activitymalicious softwaremalwaremalware distributionmexicomorocconetherlandsnetworknew zealandnorth americanorwayoceaniaopen proxypassword attacksphishingphishing attackpolandprocess injectionproxypublic administrationpublic infrastructurepublic policyransomwarereconnaissanceregulatory agenciesresearchedromaniarussiascannerscanning activitysecurity operationsserbiasingaporesocial engineeringsocradar honeypotsoftware developmentsouth africasouth americaspainspamsql injectionsshssh attackssl-enrichmentswedensyrian arab republict1005t1016t1055t1059t1059.003t1071t1071.001t1105t1110.001t1110.002t1110.003t1110.004t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1573t1573.001t1573.002t1595.001t1595.002t1595.003taiwantargeting databasethreat actorthreat intelligencethreat-inteltor nodetpotturkeyukraineunited kingdomunited statesvenezuela, bolivarian republic ofvpnvpn ipvulnerability scanvulnerability-exploitationweb app attackweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
Jun 2Jun 2

Threat Activity Heatmap

· Peak: 2026-06-02
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
50
SIGNAL
Signal Score
50%
Confidence
21
Reports
First seenJul 4, 2025
Last seenJun 2, 2026
GeolocationES
CountrySpain
LocationVélizy-Villacoublay, ENG
ASNAS211590
OrgFBW NETWORKS
Coords53.1472, -2.2314
ProxyVPN

VirusTotal

Not checked

WHOIS

description
Score: 50/100. Labels: abuseipdb:brute-force, abuseipdb:critical, abuseipdb:ddos, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:port-scan. 185.177.72.29 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, critical, ddos).
raw
inetnum: 185.177.72.0 - 185.177.72.255 netname: FR-FBW-NETWORKS-20161110 country: FR org: ORG-FNS23-RIPE admin-c: RC21564-RIPE tech-c: RC21564-RIPE abuse-c: ACRO59630-RIPE status: ALLOCATED PA mnt-routes: fr-rogercabot-mnt mnt-routes: lir-fr-fbw-networks-1-MNT mnt-by: lir-fr-fbw-networks-1-MNT mnt-by: RIPE-NCC-HM-MNT created: 2025-05-27T08:17:11Z last-modified: 2025-05-30T08:12:55Z source: RIPE organisation: ORG-FNS23-RIPE org-name: FBW NETWORKS SAS country: FR org-type: LIR address: 16 rue Grange Dame Rose address: 78140 address: V�lizy Villacoublay address: FRANCE phone: +33184207217 admin-c: GML75-RIPE tech-c: GML75-RIPE abuse-c: AR65110-RIPE mnt-ref: lir-fr-fbw-networks-1-MNT mnt-ref: RELCOMGROUP-EXT-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: lir-fr-fbw-networks-1-MNT created: 2021-09-16T10:31:33Z last-modified: 2022-06-01T14:17:54Z source: RIPE # Filtered person: Roget Cabot address: Le rove phone: +336000000000 nic-hdl: RC21564-RIPE mnt-by: fr-rogercabot-mnt created: 2025-03-12T13:21:26Z last-modified: 2025-03-12T13:21:26Z source: RIPE route: 185.177.72.0/24 origin: AS211590 mnt-by: lir-fr-fbw-networks-1-MNT created: 2025-05-27T09:25:15Z last-modified: 2025-05-27T09:25:15Z source: RIPE
references
https://analytics.dugganusa.com/api/v1/stix-feed/v2, https://www.abuseipdb.com, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 11 months ago · Last seen 12 days ago
Appeared in 21 threat reports